Posts

Showing posts from March, 2023

FortiGate block SSL-VPN Connection from a certain source IP Address

Solution 1 - local-in-policy
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Restricting-Allowing-access-to-the-FortiGate-SSL/ta-p/222845

1. Create geography objects for US, Canada and RFC1918 IP addresses.
2. Add local-in-policy

    config firewall local-in-policy
        edit 1
            set intf "wan1"
            set srcaddr "G - ALL PRIVATE ADDRESS RANGES" "GEO-Canada" "GEO-US"
            set dstaddr "WAN1-192.168.2.33"
            set action accept
            set service "HTTPS"
            set schedule "always"
        next
        edit 2
            set intf "wan1"
            set srcaddr "all"
            set dstaddr "WAN1-192.168.2.33"
            set service "HTTPS"
            set schedule "always"
        next
    end

Solution 2 - source-address-negate
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-SSL-VPN-Connection-from-a-certain/ta-p/206883

1. Create an address and address group
2

FortiGate ban or quarantine an IP

Dashboard > FortiView Source
Right-click on the source to ban and select Ban IP.

To view the banned IP on the GUI, navigate to Dashboard > Users & Devices > Quarantine.

CLI

Show banned IPs:

    FG70 # diag user quarantine list
    src-ip-addr       created                  expires                  cause
    192.168.111.10    Wed Mar 15 14:36:50 2023 Wed Mar 15 15:06:50 2023 Administrative

Ban an IP:

    FG70 # diag user quarantine add src4 192.168.111.9 300 admin